package cn.lily.com.lang;

import java.text.CharacterIterator;
import java.text.StringCharacterIterator;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import cn.lily.com.exception.YaconException;

public class VerifyData {
  
	/**
   * 校验ＩＰ是否正确
   * @param ip
   * @return
   */
  public static boolean isIP(String ip)
  {
	  Pattern pattern = Pattern.compile("\\b((?!\\d\\d\\d)\\d+|1\\d\\d|2[0-4]\\d|25[0-5])\\.((?!\\d\\d\\d)\\d+|1\\d\\d|2[0-4]\\d|25[0-5])\\.((?!\\d\\d\\d)\\d+|1\\d\\d|2[0-4]\\d|25[0-5])\\.((?!\\d\\d\\d)\\d+|1\\d\\d|2[0-4]\\d|25[0-5])\\b");
	  Matcher matcher = pattern.matcher(ip); 	  
	  return matcher.matches();
	 
  }
  /**
   * 检查字符串是否包含数据库不允许字符
   * @param sqlField 字段检查值
   * @return 含有返回true;
   */
  public static boolean ISSQLInjection(String sqlField){
	  
		/*if (sqlField == null || "".equals(sqlField)) {
			return false;
		}

		String lowSqlField = sqlField.toLowerCase();

		String inj_str = "and |or |insert |select |delete |update |drop |all |backup |exec |truncate |create |master ";

		String[] inj_stra = inj_str.split("\\|");

		for (int i = 0; i < inj_stra.length; i++) {
			
			if(checkSql(lowSqlField, inj_stra[i])){
				return true;
			}

		}*/

		return false;
		
  }
  
  /**
   * 
   * @param sql
   * @param exp
   * @return
   */
  public static boolean checkSql(String sql,String exp){
	  
	  int index = sql.indexOf(exp);
	  
	  int endex = index + exp.length();
	  
	  if(index < 0){
		  return false;
	  }
	  
	  else if(index == 0){
		  return true;
	  }
	  
	  else{
		  
		  String prev = sql.substring(index-1,index);
		  
		  if("abcdefghigklmnopqrstuvwxyz0123456789".indexOf(prev)<0){
			  return true;
		  }else{
			  
			  if((sql.length()-1)<endex){
				  return false;
			  }
			  
			  return checkSql(sql.substring(endex),exp);
			  
		  }
		  
	  }
	  
  }
  
  /**
   * 检查字符串是否包含数据库不允许字符
   * @param sqlField 字段检查值
   * @return 含有报错,不含有返回原值。
   */
  public static String getSQLInjectField(String sqlField)
  {
	  
	  if(sqlField != null){
		  sqlField = sqlField.replaceAll("'", "’").replaceAll("\"", "”");
	  }
	   
	  if(ISSQLInjection(sqlField)){
		  throw new YaconException("数据中含有非法的字符！"+sqlField);
	  }
      else
          return sqlField;
   }
  
   /**
    * URL - 过滤
    * @param paramValue
    * @return
    */
	public static String urlFilter(String paramValue) {
		
		if(paramValue==null||paramValue.equals("")){
			 return paramValue;
		}

		StringBuffer sb = new StringBuffer();

		StringCharacterIterator iterator = new StringCharacterIterator(paramValue);

		char character = iterator.current();
		while (character != CharacterIterator.DONE) {
			
			if (character == '<') {
				sb.append("");
			} 
			
			else if (character == '"') {
				sb.append("");
			}
			
			else if (character == '>') {
				sb.append("");
			} 
			
			else if (character == '&') {
				sb.append("");
			}
			
			else if (character == '\'') {
				sb.append("");
			}
			
			else {
				sb.append(character);
			}
			character = iterator.next();
			
			
			
		}
		return sb.toString();
	}
	
	/**
	 * XSS 过滤
	 * @param paramValue
	 * @return
	 */
	public static String xssFilter(String paramValue){
		
		if(paramValue==null||paramValue.equals("")){
			 return paramValue;
		}
	
		String retValue = paramValue;
		
		retValue = retValue.replaceAll(">", "");
		retValue = retValue.replaceAll("<", "");
		retValue = retValue.replaceAll("&", "");
		retValue = retValue.replaceAll("\\\"", "");
		retValue = retValue.replaceAll("'", "");
		
		return retValue;
	}
  
	public static void main(String[] args) {
		
		System.out.println(ISSQLInjection(" select * from XXX"));
	}
}

